Desklib: Study Material Library with Solved Assignments & Essays
Added on 2023/06/08
Running head: ASSIGNMENT1

ADVANCE SECURITY
STUDENT'S NAME
COURSE
UNIVERSITY
PROFESSOR
DATE

Table of Contents

Question one: SQL, XML, XSS
  A. Defenses to protect against SQL injection attacks, XML injection attacks, and XSS
    SQL attacks
  B. Difficulties in preventing SQL, XML and XSS attacks
  C. Reasons why defences to prevent SQL, XML, XSS are difficult to implement
  c) Reasons why defences are not used extensively
Question two: data loss prevention
  Data loss prevention products
    Symantec data loss prevention
    Features of Symantec data loss prevention
    Trustwave data loss prevention
    Features of data loss prevention
    Checkpoint data loss prevention
  2b) Features of checkpoint data loss prevention
    Features of trustwave data loss prevention
    Features of checkpoint data loss prevention
Question 3
  Advantages of HTTPS
  Disadvantages of HTTPS
  Difference between HTTPS and HTTP
  How HTTPS protects you when you connect to a Wi-Fi
  Reasons why web traffic should use HTTPS
Question 4: cloud computing
  a) Literature review
  b) Why there is a need to consider cloud computing in an organization
  Technical limitation of cloud computing
Question 5: cyber security
  a) Cybersecurity interview
  b) Summary of the interview
  c) Lesson learned from the interview
References

Question one: SQL, XML, XSS

A. Defenses to protect against SQL injection attacks, XML injection attacks, and XSS

SQL attacks

Roth, Gregory & Brandwine (2018) showed the following measures to prevent SQL attacks:

- Firewall: consider a web application firewall (WAF). This can be either a hardware or a software application that helps to get rid of malicious data. The important and safe ones are set to default rules and make it flexible to add other rules whenever required. A WAF may be useful in providing some security against the vulnerability.
- Make use of suitable privileges: never connect to a database with admin privileges unless you have a genuine reason to do so.
- Examine the SQL statements that come from your database.

XML attacks

- Deactivate parsing of inline DTDs: inline DTDs are a feature that is hardly used. External attacks remain a threat, though, because XML parsing libraries do not deactivate this feature by default.
- Reduce the permissions of the web server process: run your server processes with only the permissions they need, following the principle of least privilege. This protects the directories that can be accessed in the file system (Evans & Flanagan, 2018).
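
One way to apply the "deactivate parsing of inline DTDs" measure with Python's standard library, shown here as an added example that is not part of the original assignment. The function names and the sample documents are assumptions constructed for illustration.

```python
"""Added example: refuse any XML document that carries a DOCTYPE (inline DTD)."""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class DTDForbidden(ValueError):
    """Raised when a document declares a DOCTYPE."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # expat calls this handler when it reaches <!DOCTYPE ...>;
    # raising here aborts the parse and the error reaches the caller.
    raise DTDForbidden(f"DOCTYPE {name!r} is not allowed")


def parse_without_dtd(data: bytes) -> ET.Element:
    """Parse untrusted XML, rejecting documents that contain a DTD."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _reject_doctype
    try:
        guard.Parse(data, True)   # first pass: only looks for a DOCTYPE
    except expat.ExpatError as exc:
        raise ValueError(f"malformed XML: {exc}") from exc
    return ET.fromstring(data)    # second pass: build the tree


# Constructed sample inputs (not taken from the original page).
PLAIN_ORDER = b"<order><item>book</item><qty>2</qty></order>"
ORDER_WITH_DTD = (
    b'<!DOCTYPE order [<!ENTITY label "book">]>'
    b"<order><item>&label;</item><qty>2</qty></order>"
)


def check(data: bytes) -> str:
    """Return a short verdict string for one document."""
    try:
        root = parse_without_dtd(data)
    except DTDForbidden:
        return "rejected: DTD"
    except ValueError:
        return "rejected: malformed"
    return f"accepted: {root.tag}"


if __name__ == "__main__":
    for sample in (PLAIN_ORDER, ORDER_WITH_DTD, b"<order>"):
        print(check(sample))
```

Rejecting the document outright, rather than stripping the DTD, means the application never has to decide which entity declarations are harmless.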

XSS attacks

- Escaping: XSS attacks can only be prevented by avoiding the user inputs. Escaping involves taking the application data and making sure that it is safe for the end user. Build the data into your web page and ensure that the coding characters it contains are not interpreted.
- Validating inputs: this is the process of ensuring that the application is performing the tasks it was built for and restricting unsecured data from harming the software.

B. Difficulties in preventing SQL, XML and XSS attacks

XSS threats may be hard to restrict because of the several vectors through which an XSS attack may be used in many applications. Furthermore, unlike other threats such as SQL injection or operating system command injection, XSS affects only the end users of the website. This makes it the most challenging to detect and very hard to fix (Girisan & Savitha, 2018).

C. Reasons why defences to prevent SQL, XML, XSS are difficult to implement

XSS is more difficult than SQL because there is only one strategy to control cross-site scripting vulnerabilities, unlike SQL, which makes use of set documents. The use of XML as a mark-up language may be ill-suited to specifying multifarious metadata with active dependencies, writing logic that is command based, or defining domain-specific languages.

c) Reasons why defences are not used extensively

Ending tags in XML and SQL help a lot when the nesting runs deep, but they may hurt in cases where there is a requirement to express a modest construct using small data items. The problem comes when there is a need to process a certain number of objects at a specific time to prevent threats.
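
The two XSS defenses named under "XSS attacks" above, escaping and validating inputs, as an added Python example that is not part of the original assignment. The "display name" field, the allow-list pattern and the sample comment are assumptions constructed for illustration.

```python
"""Added example: validate input on the way in, escape it on the way out."""
import html
import re

# Allow-list for a hypothetical "display name" field: letters, digits,
# space, dot, underscore and hyphen, 1 to 32 characters.
DISPLAY_NAME = re.compile(r"[A-Za-z0-9 ._-]{1,32}")


def validate_display_name(value: str) -> str:
    """Input validation: accept only values that match the allow-list."""
    if not DISPLAY_NAME.fullmatch(value):
        raise ValueError("display name contains characters that are not allowed")
    return value


def render_comment(author: str, comment: str) -> str:
    """Output escaping: encode both values before they reach the page."""
    safe_author = html.escape(validate_display_name(author), quote=True)
    # Free text cannot be restricted to an allow-list, so it is escaped:
    # <, >, &, " and ' become entities and the browser shows them as text.
    safe_comment = html.escape(comment, quote=True)
    return (f'<div class="comment" data-author="{safe_author}">'
            f"<b>{safe_author}</b>: {safe_comment}</div>")


# Constructed sample input containing markup characters.
SAMPLE_COMMENT = '<script>alert(1)</script> & "quotes"'

if __name__ == "__main__":
    print(render_comment("alice_01", SAMPLE_COMMENT))
    try:
        render_comment("bob<script>", "hi")
    except ValueError as exc:
        print("rejected:", exc)
```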

Question two: data loss prevention

Data loss prevention products

Symantec data loss prevention

Symantec data loss prevention is known for its importance in preventing cybersecurity attacks. It helps to protect and monitor both the consumers and the organization itself. Furthermore, it helps to control, see and regulate how information is used, whether the workers are connected or not. The software keeps data in a very secure state, so that it is not stolen or lost wherever it is stored (Roth et al., 2018).

Features of Symantec data loss prevention

- It is cloud compatible
- Has no free trial
- Works on desktop platforms
- Has no autonomous feature

Trustwave data loss prevention

This tool provides companies with all the tools they might want to discover, secure and monitor information while obeying both external and internal regulations. The system is equipped with risk and policy settings that are very flexible and cover all that a business needs to safeguard its platforms (Antoun & Zuo, 2018).

Features of data loss prevention

- It uses desktop platforms
- Has autonomous function
- Cloud compatible
- Has demo free trial

Checkpoint data loss prevention

It includes many unique cybersecurity procedures to help the company prevent data from being sent accidentally or leaked into the wrong hands. It aims to educate all the users of the software on the threats of data loss (Sarin et al., 2018).

2b) Features of checkpoint data loss prevention

- Easy to use
- Uses desktop platforms
- Has no autonomous function
- Not compatible with cloud
- Has a free trial for data loss

Features of trustwave data loss prevention

- It uses desktop platforms
- Has autonomous feature
- Cloud compatible
- Has demo free trial

Features of checkpoint data loss prevention

- Easy to use
- Uses desktop platforms
- Has no autonomous feature
- Not compatible with cloud
- Has a free trial for data loss

Question 3

Advantages of HTTPS

- User data encryption: SSL certificates cause data to be encrypted, which means that no unauthorized person can access the information.
- Better search engine optimization: this is very important when it comes to online visibility. Taking SEO seriously helps the website to be at the top of the search engine.

Disadvantages of HTTPS

- Pages that are accessed through HTTPS cannot be cached in a shared cache because the communication between a server and a browser is secured.
- Some proxies or firewalls do not prevent access to HTTPS sites; this allows HTTPS to be secure by ensuring end-to-end encryption (Kalinin, 2018).

Difference between HTTPS and HTTP

HTTPS stands for HyperText Transfer Protocol Secure, which is a combination of HTTP and SSL/TLS; HTTP, on the other hand, refers to HyperText Transfer Protocol. They are both made to transfer information between the server and the clients (Qasaimeh, Ala & Khairallah, 2018).

How a server is set up for HTTPS transactions

- Host it using a dedicated IP
- Purchase a certificate
- Activate the certificate
- Install the certificate
- Update your HTTPS

How HTTPS protects you when you connect to a Wi-Fi

While you are on the Wi-Fi, HTTPS traffic is always encrypted, which adds another layer of security that makes browsing more secure. Your traffic would never be visible to hackers snooping around the network.

Reasons why web traffic should use HTTPS

You should use HTTPS for all your web traffic because the encryption feature found in it is made to provide benefits such as integrity, identity, and confidentiality.

Question 4: cloud computing

a) Literature review

Cloud computing is a computing technique where a pool of systems are linked together in a public or a private network to give a dynamically scalable structure for application, data storage, computing cost and hosting services. The prevailing information systems in cloud computing that organizations apply show that there is a lack of research on the adoption of the technology. Moreover, there is a necessity to benchmark and apply the knowledge used by big companies like Amazon Web Services (Byres & Lowe, 2004).

Cloud computing has developed gradually. Interest in it from business has surged since its inception. Through the use of an innovative technology delivery model, cloud technology can add strategic and technical value to companies.

b) Why there is a need to consider cloud computing in an organization

Cloud computing allows the business and its clients to assimilate and combine several diverse services, which gives rise to productivity and creativity.

Cloud computing leads to positive gain and motivates staff in an organization since it offers several solutions and rewards to business, like scalability and flexibility, and minimizes the cost of goods and services.

Cloud computing has aided several enterprises by minimizing cost and enhancing focus on basic business competence, not only in information technology but also in issues of infrastructure.

Security is a significant factor in cloud computing that should not be taken lightly, because the cloud holds most of the organization's resources. In case of any threat arising in the application technology, the enterprise would suffer a lot.

Technical limitation of cloud computing

Downtime is most often cited as one of the major shortcomings of cloud computing. Because the cloud basically involves the use of websites, service slowdowns or service outages are common issues.

With the use of cloud computing, every task is performed online. This exposes possible vulnerabilities. Even the best enterprises may suffer severe attacks and security breaches at any time.

It is easier to use cloud computing, because it is user-friendly, than to learn and understand the facts behind it (Armbrust et al., 2010).

Question 5: cyber security

a) Cybersecurity interview

Interviewer: Student
Interviewee: Network Administrator
Interview settings: The interview was carried out in the office of the network administrator at 4:20 PM on Tuesday afternoon.
Connection with the interviewee: The network administrator has been my lecturer for three units.

(Initiation of an interview)

Interviewer: Mostly when it comes to cybersecurity, what is your role as a network administrator?

Interviewee: In my position, my work here is to safeguard the institution's data against unauthorized access and to put down measures that can help the organization to overcome the threats and vulnerability issues (Wang & Lu, 2013).

Interviewer: Do you go for research?

Interviewee: Much of my research is in information technology.

Interviewer: What kind of research do you do?

Interviewee: I major so much on threats and vulnerability issues that are related to cyber-attacks. Every day technology comes in with more IT techniques and inventions; the fraudsters, on the other hand, work hard and take advantage of the technology to access people's private information. Therefore there is a need to do research every day to make sure that the institution is updated on such issues to take control (Antoun & Zuo, 2018).

Interviewer: Have you ever worked in any industry before you became a network administrator?

Interviewee: I was employed as an assistant IT professional at FGIT Project for two years after my graduation with a master's, and the field is not an industry, it's more educational.

Interviewer: What skills are required to overcome cybersecurity threats?

Interviewee: Security engineering skills are the first and most important: engineer and build a network that is very secure. The second skill is encryption: protect network servers like a computer and the organization's database. Encryption is important to companies that have implemented cloud computing technology. The third one is the detection-to-response skill: you need to examine any actions that look suspicious and constantly monitor to prevent huge losses. The fourth skill is firewall development, that is, getting rid of data that might be malicious. Last but not least are the vulnerability and analysis skills.

Interviewer: Thank you for your time, I have learned a lot.

Interviewee: You are always welcome.

b) Summary of the interview

Security is important given how much of our work and daily activities are getting embedded with the use of technology. When devices are connected, this creates a dialog among device interfaces, the cloud and private infrastructures, which creates a chance for hackers to spy. This has led to a high demand for information technology professionals to create solid and less susceptible networks.

c) Lesson learned from the interview

- It helps in developing foundational knowledge of information technology principles and the state of cyber defences.
- Understanding of how the engineering process is applied effectively to protect multifaceted linked systems.
- It helps in developing and practising skills for assessing vulnerabilities and threats, creating a security plan and providing a procedure to be followed in case a security incident happens.
- It helps to understand the importance of encrypting private data over a network.

References

Antoun, R. A., & Zuo, J. (2018). U.S. Patent Application No. 15/419,756.

Armbrust, M., Fox, A., Griffith, R., Joseph, A. D., Katz, R., Konwinski, A., ... & Zaharia, M. (2010). A view of cloud computing. Communications of the ACM, 53(4), 50-58.

Byres, E., & Lowe, J. (2004, October). The myths and facts behind cyber security risks for industrial control systems. In Proceedings of the VDE Kongress (Vol. 116, pp. 213-218).

Evans, B. F., & Flanagan, D. (2018). Java in a nutshell: a desktop quick reference. O'Reilly Media, Incorporated, USA.

Girisan, E. K., & Savitha, T. (2018). High Secure Web Service to Resolve Different Web Vulnerabilities. Journal of Network Communications and Emerging Technologies (JNCET), www.jncet.org, 8(2).

Kalinin, D. (2018). Database web application.

Mell, P., & Grance, T. (2011). The NIST definition of cloud computing.

Qasaimeh, M., Ala'a, Shamlawi, & Khairallah, T. (2018). Black box evaluation of web application scanners: standards mapping approach. Journal of Theoretical and Applied Information Technology, 96(14).

Roth, Gregory Branchek, Eric Jason Brandwine, and Matthew James Wren. "Data loss prevention techniques." U.S. Patent No. 9,912,696. 6 Mar. 2018.

Sarin, Sumit Manmohan, Sumant Modak, Amit Shinde, and Bishnu Chaturvedi. "Technique for data loss prevention through clipboard operations." U.S. Patent Application 15/798,482, filed February 22, 2018.

Wang, W., & Lu, Z. (2013). Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), 1344-1371.